On 04/10/2014 18:44, John Smithee wrote:
John Smithee wrote, On 10/04/2014 05:07 PM:
Thomas Bätzler wrote, On 10/04/2014 03:56 PM:
Hi,
On 04.10.2014 at 13:06, John Smithee wrote:
Ok, I admit using "ping -I" was a bad example. The whole point I tried
to make is, that the second net (69.0) cannot reach any other IP
outside its own net.
The goal is to let 69.0 reach the world via this gateway machine
68.22/69.22.
Is some iptables needed in this case?
You do have IP forwarding enabled?
If not, enable it using
echo "1" > /proc/sys/net/ipv4/ip_forward
and try again.
HTH,
Thomas
Yes, IP forwarding is enabled.
After doing much research on the net and experimenting
I think (still testing) I finally found a solution,
but it's unfortunately a little bit complicated.
I'll summarize later.
I finally managed to get it working with these steps:
# Interface, network, own address and gateway on the first net, plus the
# name of a routing table that must be defined in /etc/iproute2/rt_tables
# (e.g. the line "100 my0").
IF0="eth0"
NW0="192.168.68.0/24"
ET0="192.168.68.22"
GW0="192.168.68.254"
TAB0="my0"
# The same for the second net (e.g. "101 my1" in rt_tables).
IF1="eth1"
NW1="192.168.69.0/24"
ET1="192.168.69.22"
GW1="192.168.69.7"
TAB1="my1"
# One routing table per net, each with its own default gateway.
ip route add $NW0 dev $IF0 src $ET0 table $TAB0
ip route add default via $GW0 table $TAB0
ip route add $NW1 dev $IF1 src $ET1 table $TAB1
ip route add default via $GW1 table $TAB1
# The main table: both connected nets and your preferred default route.
ip route add $NW0 dev $IF0 src $ET0
ip route add $NW1 dev $IF1 src $ET1
ip route add default via $GW0
# Policy rules: traffic from or to each local address uses that net's table.
ip rule add from $ET0 table $TAB0
ip rule add from $ET1 table $TAB1
ip rule add to $ET0 table $TAB0
ip rule add to $ET1 table $TAB1
# Source NAT for everything leaving through the outside interface.
iptables -t nat -A POSTROUTING -o $IF0 -j MASQUERADE
This solution is not that bad, though IMHO complicated.
But one thing is still missing: 69.* cannot ping
the IP 68.22, but other than that it can reach everything else.
If someone knows a simpler solution pls let me know, thx.
Here are some references where I found the above stuff:
http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
http://www.linuxhorizon.ro/iproute2.html
http://www.lartc.org/howto/lartc.rpdb.html
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html
This seems overly complicated for what sounds like a simple routing
solution. I'm guessing there must be something slightly out of the
ordinary about your setup or I'm missing something. I'm assuming
something like this
MACHINE1-x.69.7 ----> .69.22 - MACHINE2 - .68.22 ----> .68.254 -
DEFAULT ROUTER --> internet
the routing table for machine1 should be
default        192.168.69.22   0.0.0.0         eth0
192.168.69.0   *               255.255.255.0   eth0
and for machine2 it should be
default        192.168.68.254  0.0.0.0         eth0
192.168.68.0   *               255.255.255.0   eth0
192.168.69.0   *               255.255.255.0   eth1
The only issue you have is that there either needs to be a route on your
external router to 192.168.69.0/24 via 192.168.68.22 or, as you have it
above, an iptables rule to masquerade any address on the 192.168.69
domain to the eth0 address so that the replies from outside your network
know how to get back to your private subnet.
John
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
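The minimal setup John describes (forwarding plus masquerade, no extra tables or ip rules), reproduced as an added example that is not part of the thread: it builds the sketched topology in network namespaces so the claim can be checked without touching real hosts. Namespace names (m1, m2, rt) and veth names (v69a/v69b, v68a/v68b) are constructed; run it as root with LAB_RUN=1, or with DRY_RUN=1 LAB_RUN=1 to only print the commands.

```shell
#!/bin/sh
# Added example (not from the thread): MACHINE1 .69.7 -> MACHINE2 .69.22/.68.22
# -> ROUTER .68.254, in network namespaces, with only IP forwarding and a
# MASQUERADE rule applied on MACHINE2. Namespace/veth names are constructed.
# DRY_RUN=1 prints commands instead of running them; a real run needs root.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

build_lab() {
    for ns in m1 m2 rt; do run ip netns add "$ns"; done
    run ip link add v69a type veth peer name v69b   # the 192.168.69.0/24 link
    run ip link add v68a type veth peer name v68b   # the 192.168.68.0/24 link
    run ip link set v69a netns m1
    run ip link set v69b netns m2
    run ip link set v68a netns m2
    run ip link set v68b netns rt
    run ip -n m1 addr add 192.168.69.7/24 dev v69a     # MACHINE1
    run ip -n m2 addr add 192.168.69.22/24 dev v69b    # MACHINE2, inside
    run ip -n m2 addr add 192.168.68.22/24 dev v68a    # MACHINE2, outside
    run ip -n rt addr add 192.168.68.254/24 dev v68b   # DEFAULT ROUTER
    run ip -n m1 link set v69a up
    run ip -n m2 link set v69b up
    run ip -n m2 link set v68a up
    run ip -n rt link set v68b up
    # MACHINE1 sends everything to MACHINE2; MACHINE2 sends everything that is
    # not on its two connected /24s to the external router.
    run ip -n m1 route add default via 192.168.69.22
    run ip -n m2 route add default via 192.168.68.254
}

# All the gateway needs: forwarding, and source NAT so replies from beyond
# the router come back to 192.168.68.22 instead of an unroutable 69.x address.
gateway_config() {
    run ip netns exec m2 sysctl -w net.ipv4.ip_forward=1
    run ip netns exec m2 iptables -t nat -A POSTROUTING -o v68a -j MASQUERADE
}

# The 69 net reaching beyond its own subnet: MACHINE1 pings the router.
verify() {
    run ip netns exec m1 ping -c 1 -W 1 192.168.68.254
}
cleanup() {
    for ns in m1 m2 rt; do run ip netns del "$ns"; done
}
main() { build_lab && gateway_config && verify; cleanup; }
if [ "${LAB_RUN:-0}" = "1" ]; then main; fi
```

If the router namespace is given no route back to 192.168.69.0/24, the ping still succeeds only because of the MASQUERADE rule; dropping that rule makes it fail, which is exactly the either/or John describes.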